f49425d5bd94e9a90529b224958a6e90179b87802f25459a201c525f77f81999

Sharing

Copy URL

Twitter E-mail

General

Target

f49425d5bd94e9a90529b224958a6e90179b87802f25459a201c525f77f81999
Size

2.5MB
MD5

4da4d421f513bf72439b2e34af71e25b
SHA1

4344773141212e8be424ad0fd268ac9da83f326c
SHA256

f49425d5bd94e9a90529b224958a6e90179b87802f25459a201c525f77f81999
SHA512

2dd43bb05cd2f225b79e68d06b4ed00b1d6e257915e9fcdcefbe51900c3f63b6719918410d2015eeaa02f709b4f4432f7d8a3f47fbc86e46b1acf89866658980

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

resource	yara_rule
sample	cryptone

Files

f49425d5bd94e9a90529b224958a6e90179b87802f25459a201c525f77f81999
.dll windows x86

1113bba399c8ce23825189d1e4133356

Code Sign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA
LoadLibraryA
RaiseException
SetThreadPriority
GetSystemTimeAdjustment
GetConsoleAliasesW
GetCommState
GlobalWire
SetConsoleCP
SetConsoleOutputCP
lstrlenW
GetAtomNameW
CreateTapePartition
WriteProfileSectionA
CancelTimerQueueTimer
_lread
SetFileApisToANSI
GetUserDefaultLCID
GetLastError
VirtualAlloc

user32

GetKeyboardType
CreateWindowExW
GetQueueStatus
LoadIconA

gdi32

UnrealizeObject
GetTextExtentExPointA
GetRandomRgn
GetEnhMetaFileW
GetStockObject
AddFontResourceA
GetEnhMetaFileBits

comdlg32

PrintDlgA

advapi32

RegQueryValueExA
SetSecurityDescriptorDacl
GetTokenInformation
GetKernelObjectSecurity
StartServiceA
RegOpenKeyA

shell32

Shell_NotifyIconA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA

ole32

CreateStreamOnHGlobal
IsEqualGUID
GetHGlobalFromStream

comctl32

ImageList_SetIconSize
ImageList_Write
UninitializeFlatSB

imm32

ImmGetVirtualKey

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata3
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata6
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata5
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata4
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 380B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1113bba399c8ce23825189d1e4133356

Code Sign

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

comctl32

imm32

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 2.3MB - Virtual size: 2.3MB

.rdata3 Size: 102KB - Virtual size: 101KB

.data Size: 2KB - Virtual size: 2KB

.rdata6 Size: 1024B - Virtual size: 1000B

.rdata5 Size: 1024B - Virtual size: 1000B

.rdata4 Size: 1024B - Virtual size: 1000B

.rsrc Size: 104KB - Virtual size: 104KB

.reloc Size: 512B - Virtual size: 380B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 2.3MB - Virtual size: 2.3MB

.rdata3
Size: 102KB - Virtual size: 101KB

.data
Size: 2KB - Virtual size: 2KB

.rdata6
Size: 1024B - Virtual size: 1000B

.rdata5
Size: 1024B - Virtual size: 1000B

.rdata4
Size: 1024B - Virtual size: 1000B

.rsrc
Size: 104KB - Virtual size: 104KB

.reloc
Size: 512B - Virtual size: 380B